The Kaseya Ransomware attack is behind us now. There are takeaway lessons in this attack for small and medium business owners on how to be better prepared with help from their managed IT service providers.
The vulnerability had been previously reported by the Dutch Institute for Vulnerability Disclosure (DIVD) in April 2021. Kaseya had been actively working on a patch since the initial report, but regrettably REvil was able to exploit the vulnerability before Kaseya's fix was ready.
The U.S. Secret Service had issued a warning about this type of attack in July 2020. The Kaseya ransomware attack was the story of the good hackers racing to stop the bad hackers from getting in and, as Victor Gevers from the Dutch Institute for Vulnerability Disclosure puts it: "Unfortunately, we were beaten by REvil in the final sprint."
The attack was not targeted toward specific networks, but was instead mass-deployed through IT providers, although Kaseya said that fewer than 40 of its own customers had been affected. This ransomware "supply chain" attack began with Kaseya on Friday, July 2, 2021 (just before a major U.S. holiday) and soon spread through the network of customers that use its software.
The attack exploited a vulnerability in the remote monitoring and management (RMM) software developed by Kaseya, an IT services provider that sells its software to managed service providers (MSPs). Because MSPs in turn provide outsourced IT services to other businesses, the number of victims was likely significantly higher than Kaseya's own customer count.
The cyberattack targeted multiple managed IT service providers (MSPs) in a massive supply chain attack that has affected more than 1,500 companies to date. The REvil group claims its malware has hit one million "systems". However, this number has not been verified and the exact total of victims is unknown.
To their credit, Kaseya provided open communication to their customers as they sought help from the United States Government to resolve this crisis as soon as possible.
Kaseya CEO Fred Voccola addressed the cyberattack three days later and said,
“When something happens, it’s how prepared the organization was, how quickly the organization was to admit something happened and not try to hide it, seek help from people and try to focus on the customer and get information out to them.”
The Kaseya cyberattack distributed malware (malicious software) to MSP customers all over the globe. Initially, the gang was demanding the largest ever ransom for a cyberattack: $70 million in bitcoin (which was soon dropped to $50 million). Most recently, the keys to unscramble the stolen Kaseya computer data were delivered for free, with no ransom paid at all by Kaseya’s affected customers. The ‘key’ was delivered from a “trusted third party.”
Kaseya’s decryptor key will allow customers to retrieve missing files, without paying the ransom. The company’s spokeswoman Dana Liedholm declined to answer whether Kaseya had paid for access to the key.
Is there a mystery cyber hero, or were the keys even a gift? Did Kaseya pay to unlock their customers’ stolen files? The most desperate companies would have paid the criminal gang quickly to get their business operations back online. Others would hopefully be on their way to recovering by now with backup solutions prepared in advance with the help of their IT provider.
The BBC reported that a hacker who claims to be part of the group’s inner circle said it was "a trusted partner" who gave the key away on behalf of the group’s leader, who calls himself Unknown. The same contact says it’s all part of "a new beginning."
We want to reassure our clients that Keeran Networks has not been affected by this breach. Our IT support systems are not reliant upon Kaseya software.
A similar ransomware attack was carried out in 2019 against ConnectWise, a Florida-based business software company serving managed IT service providers. It is official that over 20,000 of the technology firm’s customers were impacted by the attack, which was carried out through automated exploitation of a vulnerability.
The takeaway is that both of these recent cases show how capable and determined these criminals are, and that in spite of all the efforts of the cyber-security world, we may be losing the race against ransomware. Since no firewall is fool-proof, the best safeguard is having reliable backups of your most important company data.
Keeran Networks is one of the best technology companies in Edmonton and we are proud to maintain diligent playbooks to protect our customers from threats known and unforeseen.
Talk to us if you want to know more about how to prevent and recover from ransomware attacks without dealing with criminals.